Fedora Local Security Checks : Fedora: Security Advisory (FEDORA-2025-4e7e2c40e0)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.9.2025.41017101299401010

Kategorie: Fedora Local Security Checks

Titel: Fedora: Security Advisory (FEDORA-2025-4e7e2c40e0)

Zusammenfassung: The remote host is missing an update for the 'php' package(s) announced via the FEDORA-2025-4e7e2c40e0 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'php' package(s) announced via the FEDORA-2025-4e7e2c40e0 advisory.

Vulnerability Insight:
**PHP version 8.3.19** (13 Mar 2025)

**BCMath:**

* Fixed bug [GH-17398]([link moved to references]) (bcmul memory leak). (SakiTakamachi)

**Core:**

* Fixed bug [GH-17623]([link moved to references]) (Broken stack overflow detection for variable compilation). (ilutov)
* Fixed bug [GH-17618]([link moved to references]) (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). (timwolla)
* Fix fallback paths in fast_long_{add,sub}_function. (nielsdos)
* Fixed bug [GH-17718]([link moved to references]) (Calling static methods on an interface that has `__callStatic` is allowed). (timwolla)
* Fixed bug [GH-17797]([link moved to references]) (zend_test_compile_string crash on invalid script path). (David Carlier)
* Fixed [GHSA-rwp7-7vc6-8477]([link moved to references]) (Reference counting in php_request_shutdown causes Use-After-Free). (**CVE-2024-11235**) (ilutov)

**DOM:**

* Fixed bug [GH-17847]([link moved to references]) (xinclude destroys live node). (nielsdos)

**FFI:**

* Fix FFI Parsing of Pointer Declaration Lists. (davnotdev)

**FPM:**

* Fixed bug [GH-17643]([link moved to references]) (FPM with httpd ProxyPass encoded PATH_INFO env). (Jakub Zelenka)

**GD:**

* Fixed bug [GH-17772]([link moved to references]) (imagepalettetotruecolor crash with memory_limit=2M). (David Carlier)

**LDAP:**

* Fixed bug [GH-17704]([link moved to references]) (ldap_search fails when $attributes contains a non-packed array with numerical keys). (nielsdos, 7u83)

**LibXML:**

* Fixed [GHSA-wg4p-4hqh-c3g9]([link moved to references]) (Reocurrence of php#72714). (nielsdos)
* Fixed [GHSA-p3x9-6h7p-cgfc]([link moved to references]) (libxml streams use wrong `content-type` header when requesting a redirected resource). (**CVE-2025-1219**) (timwolla)

**MBString:**

* Fixed bug [GH-17503]([link moved to references]) (Undefined float conversion in mb_convert_variables). (cmb)

**Opcache:**

* Fixed bug [GH-17654]([link moved to references]) (Multiple classes using same trait causes function JIT crash). (nielsdos)
* Fixed bug [GH-17577]([link moved to references]) (JIT packed type guard crash). (nielsdos, Dmitry)
* Fixed bug [GH-17899]([link moved to references]) (zend_test_compile_string with invalid path when opcache is enabled). (David Carlier)
* Fixed bug [GH-17868]([link moved to references]) (Cannot allocate memory with tracing JIT). (nielsdos)

**PDO_SQLite:**

* Fixed [GH-17837]([link moved to references]) ()::getColumnMeta() on unexecuted statement segfaults). (cmb)
* Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos)

**Phar:**

* Fixed bug [GH-17808]([link moved to references]): PharFileInfo refcount bug. (nielsdos)

**PHPDBG:**

* Partially fixed bug [GH-17387]([link moved to references]) (Trivial crash in phpdbg lexer). (nielsdos)
* Fix memory leak in phpdbg calling registered function. (nielsdos)

**Reflection:**

* Fixed bug [GH-15902]([link moved to ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'php' package(s) on Fedora 40.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-11235
Common Vulnerability Exposure (CVE) ID: CVE-2025-1217
Common Vulnerability Exposure (CVE) ID: CVE-2025-1219
Common Vulnerability Exposure (CVE) ID: CVE-2025-1734
Common Vulnerability Exposure (CVE) ID: CVE-2025-1736
Common Vulnerability Exposure (CVE) ID: CVE-2025-1861

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.9.2025.41017101299401010
Kategorie:	Fedora Local Security Checks
Titel:	Fedora: Security Advisory (FEDORA-2025-4e7e2c40e0)
Zusammenfassung:	The remote host is missing an update for the 'php' package(s) announced via the FEDORA-2025-4e7e2c40e0 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php' package(s) announced via the FEDORA-2025-4e7e2c40e0 advisory. Vulnerability Insight: PHP version 8.3.19 (13 Mar 2025) BCMath: * Fixed bug [GH-17398]([link moved to references]) (bcmul memory leak). (SakiTakamachi) Core: * Fixed bug [GH-17623]([link moved to references]) (Broken stack overflow detection for variable compilation). (ilutov) * Fixed bug [GH-17618]([link moved to references]) (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). (timwolla) * Fix fallback paths in fast_long_{add,sub}_function. (nielsdos) * Fixed bug [GH-17718]([link moved to references]) (Calling static methods on an interface that has `__callStatic` is allowed). (timwolla) * Fixed bug [GH-17797]([link moved to references]) (zend_test_compile_string crash on invalid script path). (David Carlier) * Fixed [GHSA-rwp7-7vc6-8477]([link moved to references]) (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) (ilutov) DOM: * Fixed bug [GH-17847]([link moved to references]) (xinclude destroys live node). (nielsdos) FFI: * Fix FFI Parsing of Pointer Declaration Lists. (davnotdev) FPM: * Fixed bug [GH-17643]([link moved to references]) (FPM with httpd ProxyPass encoded PATH_INFO env). (Jakub Zelenka) GD: * Fixed bug [GH-17772]([link moved to references]) (imagepalettetotruecolor crash with memory_limit=2M). (David Carlier) LDAP: * Fixed bug [GH-17704]([link moved to references]) (ldap_search fails when $attributes contains a non-packed array with numerical keys). (nielsdos, 7u83) LibXML: * Fixed [GHSA-wg4p-4hqh-c3g9]([link moved to references]) (Reocurrence of php#72714). (nielsdos) * Fixed [GHSA-p3x9-6h7p-cgfc]([link moved to references]) (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) (timwolla) MBString: * Fixed bug [GH-17503]([link moved to references]) (Undefined float conversion in mb_convert_variables). (cmb) Opcache: * Fixed bug [GH-17654]([link moved to references]) (Multiple classes using same trait causes function JIT crash). (nielsdos) * Fixed bug [GH-17577]([link moved to references]) (JIT packed type guard crash). (nielsdos, Dmitry) * Fixed bug [GH-17899]([link moved to references]) (zend_test_compile_string with invalid path when opcache is enabled). (David Carlier) * Fixed bug [GH-17868]([link moved to references]) (Cannot allocate memory with tracing JIT). (nielsdos) PDO_SQLite: * Fixed [GH-17837]([link moved to references]) ()::getColumnMeta() on unexecuted statement segfaults). (cmb) * Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos) Phar: * Fixed bug [GH-17808]([link moved to references]): PharFileInfo refcount bug. (nielsdos) PHPDBG: * Partially fixed bug [GH-17387]([link moved to references]) (Trivial crash in phpdbg lexer). (nielsdos) * Fix memory leak in phpdbg calling registered function. (nielsdos) Reflection: * Fixed bug [GH-15902]([link moved to ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'php' package(s) on Fedora 40. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-11235 Common Vulnerability Exposure (CVE) ID: CVE-2025-1217 Common Vulnerability Exposure (CVE) ID: CVE-2025-1219 Common Vulnerability Exposure (CVE) ID: CVE-2025-1734 Common Vulnerability Exposure (CVE) ID: CVE-2025-1736 Common Vulnerability Exposure (CVE) ID: CVE-2025-1861
Copyright	Copyright (C) 2025 Greenbone AG